CQ HOMELAND SECURITY INTELLIGENCE

E-Government: Data-Mining Efforts Widespread in Federal Agencies

By Martin Edwin Andersen, CQ Staff May 27, 2004 Despite ongoing controversies about the effect of government data-mining programs on personal privacy and civil liberties, a new General Accounting Office (GAO) report shows the practice is widespread within the federal government. GAO surveyed 128 federal departments and agencies and found that 52 currently use, or are planning to use, data-mining programs for scores of activities ranging from improving service, performance, and human resource management to analyzing intelligence and uncovering terrorist activities. Data mining refers to the use of computer programs to plumb vast stores of records, including private information, for hidden patterns and relationships among disparate pieces of information. Sen. Daniel K. Akaka, D-Hawaii, who requested the GAO study, said in a release he is disturbed by the high number of data mining activities in the federal government involving personal information. The federal government collects and uses Americans personal information and shares it with other agencies to an astonishing degree, raising serious privacy concerns. The American Civil Liberties Union (ACLU) and other privacy watchdog organizations also said the GAO report was troubling. We always knew that the Pentagons Total Information Awareness program was not the only data-surveillance program out there, but it now appears possible that such activities are even more widespread than we imagined, Barry Steinhardt, director of the ACLUs technology and liberty program, said in a press statement. We need to find out right away whether these programs are indeed threatening, or whether their use of information is benign, he added.
1

Revelations last year about the existence of the Total Information Awareness program, its stated purpose of developing a far-reaching surveillance network, and the involvement of Iran-contra figure Adm. John Poindexter in the project caused the Pentagon to restructure the program, giving it a new name and moving some of its parts to other programs. Poindexter eventually resigned his post at the Pentagons Office of Information Awareness. Earlier this year, however, press reports and former Pentagon officials confirmed that the DoDs classified budget contained money for the advanced data-mining and intelligence software. Data Surveillance The ACLU warned that the GAO study had revealed at least four programs that may be accessing and analyzing private-sector databases in ways that approach the data surveillance of ordinary citizens. Two of those programs Analysts Notebook i2, which the GAO said correlates events and people to specific information, and the Case Management Data Mart, which assists in managing law enforcement cases by means of using private sector information are run by the Department of Homeland Security. The two other programs are run by the Defense Intelligence Agency, the GAO said. The GAO report said the Defense Department is the most frequent user of datamining programs to analyze intelligence and detect terrorist activities, accounting for five of the 14 intelligence- and terror-related programs it identified. DHS had four programs aimed at intelligence or anti-terrorism, and the Justice Department ran three, GAO said. The Centers for Disease Control and Prevention operated one, GAO said the BioSense system, which is designed to bolster the nations capability to rapidly detect bioterrorism events. In addition, the GAO reported, the Department of Energy has three data-mining systems two of which are operational whose purpose was described as detecting criminal activities or patterns. In all, GAO identified 199 data-mining programs in the federal government, 131 of
2

which were operational and 68 of which were in some stages of planning. Of those, 122 use or plan to use personal information. DHS operates 14 data-mining programs, GAO said: five for improving service of performance; four for analyzing intelligence and detecting terrorist activities; two for detecting criminal activities or patterns; two for managing human resources; and one for disaster response and recovery. Eleven of those were operational, whereas the three others including two with counterterror applications were said to be planned. Lack of Oversight In a May 27 letter to Akaka, the ACLU, the Center for Democracy and Technology, and the Electronic Privacy Information Center said the GAO report shows just how widespread the embrace of such powerful techniques is becoming within the government, and how little has been done to update our oversight mechanisms to compensate. And, they said, because most Americans daily transactions occur within the private sector which often has strong economic incentives to gather and store information government access to such databases creates the potential for a dramatic increase in government monitoring of individuals. Akakas office said in a press statement Thursday that a second GAO study, examining in greater detail selected data mining activities which use personal information, is being conducted to understand the privacy implications of such activities and to look at recommendations to protect civil liberties. Data-mining technology, the GAO said, enables corporations and government agencies to analyze massive volumes of data quickly and relatively inexpensively. Since the terrorist attacks of September 11, 2001, data mining has been seen increasingly as a useful tool to help detect terrorist threats by improving the collection and analysis of public and private sector data. GAO cited a recent report by the non-profit Markle Foundation that noted, the auditors said, that agencies may use such data not only for investigations of known terrorists, but also to perform large-scale data analysis and pattern discovery in order to discern potential terrorist activity by unknown individuals. Use of those techniques, such as in the Multistate Anti-Terrorism Information
3

Exchange Program (MATRIX), which links federal law enforcement agencies to their counterparts in five states, it added, raised public and congressional concerns regarding privacy. Public awareness of MATRIX and of similar large-scale data mining or data mininglike projects has led to concerns about the governments use of data mining to conduct mass datasurveillance a surveillance of large groups of people to sift through vast amounts of personally identifying data to find individuals who might fit a terrorist profile, GAO said. The GAO noted that the privacy issues raised by the governments data-mining activities include concerns about the quality and accuracy of the mined data; the use of the data for other than the original purpose for which the data was collected without the consent of the individual; the protection of the data against unauthorized access, modification, or disclosure; and the right of individuals to know about the collection of personal information, how to access that information, and how to request a correction of inaccurate information. Martin Edwin Andersen can be reached via eandersen@cq.com
Source: CQ Homeland Security 2004 Congressional Quarterly Inc. All Rights Reserved