17 May 2004


New York Times, May 17, 2004


Security With Liberty


WASHINGTON — The draft of a report of great importance to our personal lives as well as our nation's security has been floating around Congress and the administration for the past two months.

Because "Safeguarding Privacy in the Fight Against Terrorism" is not stamped secret — and because it is intended to prevent a future body blow to our system rather than expose a past scandal — the 119-page document commissioned by the Department of Defense has not surfaced until now.

Cast your mind back about 18 months to revelations of a "Total Information Awareness" project under way in the Pentagon. Adm. John Poindexter, a brilliant mind with no common sense, headed a team of top technicians assembling a "centralized grand database." Its Latin motto translated as "Knowledge Is Power."

But the government's knowledge of everything we say and do — from our bank accounts and credit charges, medical and academic records, travel plans and Internet visits, e-mail and cellphone bills, added to police, F.B.I. and C.I.A. raw files — concentrates too much power and invites abuse. Congress, aroused by the press, wisely refused to fund it.

The Pentagon responded sensibly. The dangerous idea of programming computers with the likely or even far-fetched plans of terrorists, and then "mining" databases both commercial and governmental to fit those patterns — thereby to turn up suspicious movements and potential suspects — is curiously creative.

But how could it be done without turning the U.S. into a police state? As originally set up, the civil liberties canary in the data mine died for lack of safeguards.

A year ago, Defense Secretary Donald Rumsfeld decided that this thinking "outside the box" had to be rethought outside the Pentagon. He appointed a Technology and Privacy Advisory Committee, unique in this administration, of heavy hitters in the law. Newt (Vast Wasteland) Minow is the chairman; members are Floyd Abrams, Zoë Baird, Griffin Bell, Gerhard Casper, William Coleman, Lloyd Cutler and John Marsh.

These are serious old pros, mostly Democrats, who are not bedazzled by the ever-changing techiedegook. When the supersnoops described "a series of increasingly powerful configurations that can be stress-tested in operationally relevant environments using real-time feedbacks," Abrams dismissed such foo-foo dust as "simply not comprehensible."

In plain language, the Minow committee finds that the defunded program "was a flawed effort to achieve worthwhile ends." It concludes that laws covering data mining are "disjointed and often outdated, and as a result may compromise the protection of privacy, public confidence and the nation's ability to craft effective and lawful responses to terrorism."

Then the panel tells the administration, in constructive detail, how to go about tracking terror without destroying all privacy. It includes calls for: written findings by top officials before undertaking any mining; appointing a policy-level privacy officer; making data anonymous; creating an audit trail; court authorization; oversight by a single committee of Congress; developing "technological and other tools for enhancing privacy protection"; and "a culture of sensitivity to . . . privacy issues."

Is this enough? Not quite. The committee is too trusting of judges; in 35 years, federal and state courts have approved 29,250 wiretap orders and turned down only 32. It also thinks that the main flaw in the original proposal was an insensitive presentation. But this is a good-faith attempt to strike a balance, and Bill Coleman's objections supporting Poindexter and paying lip service to privacy underscore the majority's attempt to satisfy civil libertarians.

In obtaining actionable antiterror intelligence, there is a connection between (1) today's concern for protecting a prisoner's right to humane treatment and (2) tomorrow's concern about protecting free people's right to keep the government from poking into the most intimate details of their lives.

Must we wait until intrusive general searches mushroom into scandal, weakening our ability to collect information that saves lives? Congress should debate this Pentagon report balancing personal liberty and national security now, exercising foresight, rather than years from now, in the high dudgeon of hindsight.


New York Times, May 17, 2004

Panel Urges New Protection on Federal 'Data Mining'


WASHINGTON, May 16 - A federal advisory committee says Congress should pass laws to protect the civil liberties of Americans when the government sifts through computer records and data files for information about terrorists.

"The Department of Defense should safeguard the privacy of U.S. persons when using data mining to fight terrorism," the panel says in a report to Defense Secretary Donald H. Rumsfeld. The report, expected to be issued in about two weeks, says privacy laws lag far behind advances in information and communications technology.

The eight-member panel, which includes former officials with decades of high-level government experience, found that the Defense Department and many other agencies were collecting and using "personally identifiable information on U.S. persons for national security and law enforcement purposes." Some of these activities, it said, resemble the Pentagon program initially known as Total Information Awareness, which was intended to catch terrorists before they struck, by monitoring e-mail messages and databases of financial, medical and travel information.

The Pentagon program, later renamed Terrorism Information Awareness, was flawed from the start, though its goal was worthwhile, the panel said. "Our nation should use information technology and the power to search digital data to fight terrorism, but should protect privacy while doing so," it concluded. "In developing and using data mining tools, the government can and must protect privacy."

Data mining is defined in the report to mean "searches of one or more electronic databases of information concerning U.S. persons, by or on behalf of an agency or employee of the government."

The panel, the Technology and Privacy Advisory Committee, said the Pentagon program was "not the tip of the iceberg, but rather one small specimen in a sea of icebergs."

Although the panel was created by Mr. Rumsfeld to scrutinize Pentagon programs, it offers sweeping recommendations for privacy safeguards throughout the government.

"The privacy issues presented by data mining cannot be resolved by the Department of Defense alone," the panel said. "Action by Congress, the president and the courts is necessary as well."

One of the panel's most important recommendations is to involve the courts in deciding when the government can search electronic databases.

In general, it said, the Defense Department and other federal agencies should be required to obtain approval from a special federal court "before engaging in data mining with personally identifiable information concerning U.S. persons."

To obtain such approval, the government would have to show that it needed the information to prevent or respond to terrorism. In an emergency, the government would not have to get approval in advance, but would need to seek a court order within 48 hours of beginning the search.

Lawyers who work with the panel said its report was sent to the printer earlier this month and would probably be issued within two weeks. A copy was obtained by The New York Times.

Senator Ron Wyden, the Oregon Democrat who led opposition to the Pentagon program, said Sunday that he had not seen the report but that it sounded like "a very constructive step."

"This confirms what I've been saying as a member of the Senate Intelligence Committee," Mr. Wyden said. "It's possible to fight terrorism ferociously without gutting civil liberties. The challenge in striking that balance is to have ground rules. I've introduced a bill to set rules for data mining by the federal government. I suspect that federal agencies are doing an immense amount of data mining."

The panel said existing laws on information privacy were so disjointed and out of date that they threatened "efforts to fight terrorism and the constitutionally protected rights of U.S. persons," defined as citizens and permanent resident aliens.

"Government access to personal data can threaten individual liberty and invade constitutionally protected informational privacy rights," the panel said, and these risks will grow as the government amasses data on United States citizens who have done nothing to warrant suspicion.

Under the panel's recommendations, a federal agency could search an electronic database of publicly available information without a court order. But the head of the agency would still have to certify in writing that the data mining was necessary and appropriate for a lawful purpose. This requirement would apply to electronic databases of "information that is routinely available without charge or subscription to the public - on the Internet, in telephone directories or in public records."

The panel, headed by Newton N. Minow, a former chairman of the Federal Communications Commission, acknowledged that its proposals would "impose additional burdens on government officials." But, it said, the requirements would enhance personal privacy and national security by clarifying the rules.

"Good privacy protection in the context of data mining is often consistent with more efficient investigation," the panel said.

The greatest risk of data mining by the government is that it "chills individual behavior," so people become more likely to follow social norms and less likely to dissent, the panel said. The report traces the tension between security and liberty to the earliest days of the Republic. "Those who trade liberty for safety all too often achieve neither," it says, echoing Benjamin Franklin.

One member of the panel, William T. Coleman Jr., who was transportation secretary in the Ford administration, filed a lengthy dissent, asserting that the proposed restrictions could cripple the fight against terrorism. The proposals, he said, go far beyond what is required by the Constitution, federal laws or Supreme Court decisions.

But the panel insisted its proposals would not interfere with searches based on "particularized suspicion about a specific individual, including searches to identify or locate a suspected terrorist." Federal agents could still review passenger lists for airlines and cruise ships without new regulatory requirements.

Mr. Rumsfeld appointed the panel in February 2003 to quell a political uproar over the Pentagon data mining program, headed by John M. Poindexter, a retired rear admiral. Congress cut off money for the program in September 2003, with certain exceptions described in a "classified annex" to the 2004 military spending law.

Members of the panel, besides Mr. Minow and Mr. Coleman, were Floyd Abrams, a leading First Amendment lawyer; Zoë Baird, president of the Markle Foundation, which focuses on information technology; Griffin B. Bell, who was attorney general under President Jimmy Carter; Gerhard Casper, former president of Stanford University; Lloyd N. Cutler, who was White House counsel under Mr. Carter and President Bill Clinton; and John O. Marsh Jr., an aide to President Gerald R. Ford who later served as secretary of the Army.