Thursday, January 11, 2007

Citizens said to lack legal protection from government data mining

USA TODAY
Citizens said to lack legal protection from government data mining

WASHINGTON (AP) — The government's ability to use computers to gather personal information about citizens and act on it has far outstripped the federal laws designed to protect them from secret federal dossiers, a privacy advocate told Congress on Wednesday.

Leslie Harris, executive director of the Center for Democracy and Technology, asked the Senate Judiciary Committee to update the Privacy Act and other laws to keep pace with the Digital Age.

She was among a handful of think-tank scholars and privacy advocates who testified Wednesday about government data-mining — the computerized searching of large banks of information for clues to the identity of terrorists or criminals. Their broadest area of agreement was that Congress needs to know much more about what the government is doing in data-mining.

Judiciary Chairman Sen. Patrick Leahy, D-Vt., said this hearing, the first since Democrats retook control of the Senate, was the beginning of a series on privacy-related issues.

Noting that congressional auditors in 2004 found 199 data-mining programs operating or planned in federal agencies, Leahy said, "Congress is overdue in taking stock of the proliferation of these databases."

To that end, panel member Sen. Russ Feingold, D-Wis., introduced a bill Wednesday co-sponsored by Leahy and endorsed by several witnesses.

Feingold told the hearing that his proposed Federal Data Mining Reporting Act would require federal agencies to regularly inform Congress about their use of data mining "to discover predictive or anomalous patterns indicating criminal or terrorist activity — the types of data analysis that raise the most serious privacy concerns."

While acknowledging terrorism is a threat, Harris told the committee: "Especially in the counterterrorism context, a major shift in the data collection and use landscape is taking place without a suitable privacy and due process framework."

"The government is accessing entire buckets of data without a warrant" and without specific suspicion of particular individuals, Harris said.

An individual mistakenly designated as a possible terrorist or associate of terrorists can face "arrest, deportation, loss of a job, more intrusive investigation, discrimination, damage to reputation and a lifetime of suspicion, with little or no opportunity for redress or correction of errors," Harris said.

She said the impact of technological innovations combined with new government powers enacted after the Sept. 11, 2001, attacks and outdated legal protections was illustrated by the Customs and Border Protection agency's "Automated Targeting System."

The Associated Press disclosed last month that the system had been developing risk assessments of millions of Americans over the last four years without their knowledge. The AP also reported those assessments of people who traveled aboard were to be kept for 40 years and could be shared with state, local and foreign governments and even some private contractors.

Under existing law, "a risk score developed for border screening purposes could easily migrate to other uses (years after the citizen was determined not to be a threat)," Harris said.

Customs officials say the program is legal and essential to keeping terrorists out of the country. Leahy said last month on C-Span's "Newsmakers" program he thought it violated a congressional ban using on data-mining tools to assign risk to passengers not on watch lists.