Wednesday, October 06, 2004

U.S. Senate Wants Database Dragnet

Senate Wants Database Dragnet
Wired News | October 6 2004

The Senate could pass a bill as early as Wednesday evening that would let government counter-terrorist investigators instantly query a massive system of interconnected commercial and government databases that hold billions of records on Americans.

The proposed network is based on the Markle Foundation Task Force's December 2003 report, which envisioned a system that would allow FBI and CIA agents, as well as police officers and some companies, to quickly search intelligence, criminal and commercial databases. The proposal is so radical, the bill allocates $50 million just to fund the system's specifications and privacy policies.

The Senate will likely have its final vote on the bill, sponsored by Joseph Lieberman (D-Connecticut) and Susan Collins (R-Maine), Wednesday night. The draft of the bill was based on recommendations of the so-called 9/11 Commission, which investigated the United States' lapse in intelligence and security procedures prior to the Sept. 11, 2001, attacks.

To prevent abuses of the system, the Markle task force recommended anonymized technology, graduated levels of permission-based access and automated auditing software constantly hunting for abuses.

An appendix to the report went so far as to suggest that the system should "identify known associates of the terrorist suspect, within 30 seconds, using shared addressees, records of phone calls to and from the suspect's phone, e-mails to and from the suspect's accounts, financial transactions, travel history and reservations, and common memberships in organizations, including (with appropriate safeguards) religious and expressive organizations."

But task force member James X. Dempsey, director of the Center for Democracy & Technology, says the commercial records involved are more limited public records, such as home ownership data, not information about what mosque someone belongs to.

He said he believes it's "absurd" to prohibit the FBI from using a commercial database like ChoicePoint to find a suspected terrorist's home address (though the FBI currently can and does do this). On the other hand, he asked, "Should they be able to go to ChoicePoint and ask for all the subscribers to Gun Owners Monthly? No, I don't think so."

The proposed network would not look for patterns in data warehouses to attempt to detect terrorist activities, Dempsey said. Instead, an investigator would start with a name and the system would try to see what information is known about that person.

But critics say the Senate is moving too fast and the network could infringe on civil liberties. Lawmakers are taking a "boil the ocean" approach, according to Robert Griffin, president of Knowledge Computing. His company runs Coplink, a widely used system for linking law enforcement databases. Despite being a supporter of increased information sharing, Griffin criticized the proposal for trying too much too soon and relying too heavily on commercial data.

"The next Mohammed Atta is not going to be found in commercial databases," Griffin said, referring to the tactical leader of the 9/11 attacks. "We are going to stop him running a red light somewhere, and we are going to run relationships associations with this guy and we are going to say, gee, you have things in common with guys on watch lists. That's how you are going to find the guy -- not because he has bad credit."

Civil liberties lawyer Lee Tien of the Electronic Frontier Foundation accused Congress of "institutional laziness" for not holding hearings on the proposal to hear the perspectives of advocates for consumers or battered women. Tien also argued that a widespread lack of privacy and due process protections would make data sharing dangerous.

"If someone transfers your credit report or medical history, you have no way of knowing," Tien said. "The natural feedback we expect in the physical world just doesn't work in the area of information. You have to be careful."

However, technology professor Dave Farber said that his work on the task force convinced him the task force's model was a "critical" tool in the fight against terrorists.

"A lot of (task force members) were very uncomfortable about data sharing," Farber said. "But all of us at the end felt confident that if the recommendations were followed, it was as good as it was going to get relative to privacy protections."