Posted on 11/26/2002 6:38:06 AM PST by Stand Watch Listen
"Information-sharing" has been the mantra driving the creation of the Homeland Security Department. That refrain seems straightforward enough until policy makers pause to consider what it means for government to collect and use personal information in the war on terrorism. They will find both practical and legal obstacles--including the Privacy Act--to the creation of such government databases.The legislation creating the new department did nothing to loosen the government's data-handling rules, but an intense interest in one project, the Total Information Awareness system, within the Pentagon's Defense Advanced Research Projects Agency, has focused attention on the privacy issues inherent in information-sharing.
Although the homeland security bill included a $500 million authorization for a similarly named Homeland Security Advanced Research Projects Agency, it did nothing to advance the DARPA project. If anything, the bill strengthened privacy protections: The legislation rejected a national identification card and barred "Operation TIPS," a now-scuttled Justice Department plan for citizen informers that became controversial this summer.
It also requires that the new department hire a privacy officer. This senior official would be charged with assessing the privacy implications of all department rules and with implementing the Privacy Act.
The act, passed in 1974 in the wake of the Nixon White House's release of individuals' tax and FBI records, restricts the dissemination of personal information by federal agencies and requires the government to tell individuals how any of their personal information collected could be used. It also put checks on the transfer of data from one federal agency to another. But government agencies can avoid its strictures by contracting out much of their data-retrieval.
That strategy has become apparent in the way the FBI and other federal law enforcement agencies use the services of ChoicePoint, one of the major "look-up services" that aggregate data from credit reports, phone directories, and court records. Because the Privacy Act applies only to government databases, ChoicePoint's compilations of material in the public record are not subject to the law. Yet, using the database gives federal officials a powerful tool to conduct searches that were once possible only if the government assembled its own data.
The technology's power was demonstrated when a ChoicePoint official retrieved every address at which this reporter has ever lived, along with the names and Social Security numbers of all others who have also lived at each location.
That kind of power has led some to argue for greater FBI use of such databases. And the effort is now explicitly encouraged by Attorney General John D. Ashcroft's decision in May to eliminate investigative guidelines that once kept FBI officials from conducting such computer searches unless they had a reasonable suspicion about an individual. Those guidelines had been put in place in 1976 because of FBI spying on the Rev. Martin Luther King Jr. and others.
Announcing the change, Ashcroft declared that the rules had become outdated in the post-9/11 world--and many experts agree. "If the U.S. government had quick access to very obvious databases, they would have caught 11 of the 19 hijackers before they got on the plane," said Stewart Baker, a former general counsel for the National Security Agency who now represents Internet service providers. Two of the hijackers were on a terrorist watch list, and running their names through a lookup service would have yielded the names of four others who lived with them or shared frequent-flyer numbers with them, Baker said. Accessing the phone records of those six could have led law enforcement to five more. If businesses are already routinely conducting such "data-mining," Baker said, "I would just as soon the U.S. government use it to find terrorists."
That kind of thinking is certainly welcome at the Justice Department, which is actively looking for other ways to collapse long-standing walls limiting the use of information. The department scored another victory on Monday when an appeals court ruled that it could conduct crime-related electronic surveillance of U.S. citizens under a looser standard that has historically applied only to foreign agents.
"The attorney general and the president have asked us to move law enforcement to an ethic of prevention, hoping to prevent the next terrorism attack rather than cleaning up the mess" after the fact, said Viet Dinh, the assistant attorney general responsible for Justice's Office of Legal Policy. He said the department does not seek to collect "information on law-abiding citizens" but to "make better use of the information we have already collected through lawful means."
But many privacy experts believe that the government wants to take the next step and assemble databases of more routine activities and transactions, all in the hope of uncovering patterns that could aid anti-terror efforts. That action will almost certainly run up against the Privacy Act's emphasis on using data only for the purpose for which it was collected--and many will cry foul. Says Robert Gellman, a consultant who conducted congressional oversight of the Privacy Act for several years: "Government can't collect everything in the hopes that it might be useful."
The technology's power was demonstrated when a ChoicePoint official retrieved every address at which this reporter has ever lived, along with the names and Social Security numbers of all others who have also lived at each location.
Interesting. Perhaps the feds exempted themselves from the Gramm-Leach-Bliley Act of 2001, which I believe puts limits on such queries.
As for Gramm-Leach-Bliley (15 USC 1, §§6801-6810), section 6802(e)(5) says "Subsections (a) and (b) of this section shall not prohibit the disclosure of nonpublic personal information...to the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978 (12 U.S.C. 3401 et seq.), to law enforcement agencies (including a Federal functional regulator, the Secretary of the Treasury with respect to subchapter II of chapter 53 of title 31, and chapter 2 of title I of Public Law 91-508 (12 U.S.C. 1951-1959), a State insurance authority, or the Federal Trade Commission), self-regulatory organizations, or for an investigation on a matter related to public safety."
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.