By John Borland
Staff Writer, CNET News.com
October 20, 2004, 4:00 AM PDT
To show why the government's terrorist-finding database doesn't work, Elizabeth LaForest points to her own case file: While her arrest records are authentic, these days the 89-year-old Roman Catholic nun doesn't often run afoul of the law when taking part in peace demonstrations.
So Sister LaForest joined the American Civil Liberties Union this year to sue the state of Michigan, charging that a controversial law enforcement data-sharing program there was breaking the state's privacy laws.
"I have been very concerned about our privacy rights--they're all being taken away," she said in an interview from her retirement home in Oakland County, Mich. "That's one of the rights we have in the Constitution."
Privacy organizations have fought an uphill battle on Fourth Amendment protections since the terrorist attacks of Sept. 11, 2001, particularly in the area of high-tech surveillance. But the debate has taken on particular urgency with advancements in "data mining," a technology used to identify patterns based on the millions of bits of information stored in public and commercial computer systems.
The use of data mining represents a technological sea change in the way the federal government gathers, stores and analyzes information on its own citizens--perhaps the most substantial transformation in domestic intelligence since the excesses of FBI Director J. Edgar Hoover led to sweeping privacy law reforms in the mid-1970s.
The trend has already led to a string of colossal public-relations disasters, including defunct initiatives such as the Pentagon's Total Information Awareness program and the CAPPS II airline passenger-screening project, but the promise of data-mining and data-sharing technologies remains too tempting for government agencies to resist.
Civil libertarians say they recognize the importance of such technologies in counterterrorism efforts but stress that these programs must be accompanied by parallel changes in laws. Rather than deal with objections after the fact, they say the government must build privacy protections into these programs from their inception.
"We need to write those rules, and they need to be part of the system," said James Dempsey, executive director of the nonprofit Center for Democracy and Technology."
The most ambitious data-mining proposal came quickly after Sept. 11 in the form of the Total Information Awareness project, launched in 2002 and run by retired Rear Adm. John Poindexter at the Defense Advanced Research Projects Agency (DARPA). Poindexter, a key figure in the Iran-Contra scandal, envisioned "ultra-large-scale" database technologies that would search commercial and government databases while monitoring information streams such as retail transactions to identify "signature" behaviors of terrorists.
"We must become much more efficient and more clever in the ways we find new sources of data, mine information from the new and old, generate information, make it available for analysis, convert it to knowledge and create actionable options," Poindexter said in a conference address in 2002. "Certain agencies and apologists talk about connecting the dots, but one of the problems is to know which dots to connect."
After an outcry among civil liberties groups, the TIA program was scaled back before Congress eliminated its funding. Many technologists, led by the Association of Computing Machinery, said the technical problems with Poindexter's vision were as deep as its potential privacy abuses.
"Computers are not magic," said Barbara Simons, the association's former president. "Programs are only as good as the people who write them and feed the data into them."
CAPPS II (Computer Assisted Passenger Prescreening System)--a proposed successor to today's rudimentary passenger-screening system--met a similar fate after its own flirtation with what the government calls "automated risk assessment."