Preventing Terrorism, Protecting Privacy
Report Examines the Pros and
Cons of Data Mining
Sending an e-mail, making a credit card purchase, phoning a friend -- many Americans do these things dozens of times a day without giving it much thought. Though these activities feel ephemeral, they are recorded in vast corporate databases, becoming part of each person's digital history. Many of these databases are available to federal counterterrorism agencies, who know that terrorists use many of the same communications and financial channels as law-abiding citizens. These agencies have sought to use sophisticated computer programs to "mine" this data, trying to spot patterns that may indicate terrorist activities among the millions of transactions that happen every day.
Are these and other methods being used really successful at detecting terrorists? And how might they affect the privacy of innocent citizens who are wrongly flagged as suspicious? A recent report from the National Research Council considers these questions, and offers guidance to policymakers on balancing legitimate security needs with protection for citizens' civil liberties.
Some data-mining techniques can be effective, speeding and expanding the work of investigators who already have a lead, the report says. Agents can use them to quickly find out who has communicated with or transferred money to a known terror suspect, for example. And if there is a historical basis for concluding that a certain pattern of activity is linked to terrorism, then searching for similar patterns could yield helpful investigative leads.
The problem is that little is known about which patterns are linked to terrorism. So programs that scan databases looking for any unusual patterns are apt to turn up far too many false leads to be useful, the report concludes. It adds that no one should be arrested, searched, or have their rights denied simply because an automated data-mining program has identified them as suspicious.
Another counterterrorism technique that agencies are researching and starting to use raises even thornier privacy concerns. Behavioral surveillance methods monitor people's actions and physiological signs -- heart activity or voice tone, for example -- to try to determine if someone is about to commit a terrorist attack. Right now there is no consensus on whether these techniques are ready for use at all, the report says; at most they should be used to screen people for further investigation. Even then, these techniques raise serious privacy concerns, since those who are detained will inevitably be forced to explain and justify their emotional states. For instance, a man who appears nervous before boarding an airplane may be a terrorist, or he may just be afraid to fly -- something he would likely be pressured to explain if he's pulled aside.
All programs that collect or mine data or that conduct behavioral surveillance should be evaluated to determine how effective they are, whether they are lawful, and how they impact Americans' privacy, the report concludes. It offers a framework to help agencies and oversight bodies conduct these evaluations, which should include both new and existing programs.
Currently there are limits on what data may be collected, but few restrictions on how already-collected information can be used, the report notes. So an agency could gain access to a corporate database, mine it for counterterrorism purposes, and then give it to another agency to find tax evaders or deadbeat dads who are behind on child support payments. Policymakers should consider new restrictions to help prevent this "mission creep," the report says.
Innocent people who are harmed by violations of privacy should have some form of redress, the report adds. At the very least, this should include an acknowledgment of the violation and some action to lower the likelihood that it would happen again. -- Sara Frueh
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment. Committee on Technical and Privacy Dimensions of Information for Terrorism Prevention and Other National Goals, Division of Behavioral and Social Sciences and Education and Division on Engineering and Physical Sciences (2008, 376 pp.; ISBN 0-309-12488-3; available from the National Academies Press, tel. 1-800-624-6242; $49.00 plus $4.50 shipping for single copies).
The committee was co-chaired by William Perry, former U.S. secretary of defense and Michael and Barbara Berberian Professor at Stanford University; and Charles Vest, president of the National Academy of Engineering. The study was funded by the U.S. Department of Homeland Security and the National Science Foundation.